
Script de Seguridad Profesional.

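/ip firewall filter
# Baseline connection-tracking rules. A rule with no action= defaults to accept in
# RouterOS, so the first two rules accept established/related traffic; anything
# conntrack cannot classify is dropped before the more specific rules below.
add chain=input comment="*************Accept established connection packets" connection-state=established
add chain=input comment="Accept related connection packets" connection-state=related
add action=drop chain=input comment="Drop invalid packets" connection-state=invalid
# Port knocking A: an ICMP packet lists the source for 1m; a TCP/80 hit from that
# source lists it for 2m; only then are 22/23/8291 reachable. All three rules are
# disabled=yes as shipped, so this sequence has no effect until enabled as a set
# (enabling only the final drop would cut off every management client).
add action=add-src-to-address-list address-list=ICMP address-list-timeout=1m chain=input comment="*************Start Port KnockingA By Jesus Garcia" disabled=yes protocol=icmp
add action=add-src-to-address-list address-list="ICMP + Http" address-list-timeout=2m chain=input disabled=yes dst-port=80 protocol=tcp src-address-list=ICMP
add action=drop chain=input comment="End Port KnockingA" disabled=yes dst-port=22,23,8291 protocol=tcp src-address-list="!ICMP + Http"
# Port knocking B: TCP 1000 -> 2000 -> 3000, each step valid for 5m, also disabled=yes.
# The '+' characters are part of the list names (the final list is literally named
# "Temp1+Temp2+Cantito"); they do not merge lists.
add action=add-src-to-address-list address-list=Temp1 address-list-timeout=5m chain=input comment="*************Start Port KnockingB By Jesus Garcia" disabled=yes dst-port=1000 protocol=tcp
add action=add-src-to-address-list address-list=Temp1+Temp2 address-list-timeout=5m chain=input disabled=yes dst-port=2000 protocol=tcp src-address-list=Temp1
add action=add-src-to-address-list address-list=Temp1+Temp2+Cantito address-list-timeout=5m chain=input disabled=yes dst-port=3000 protocol=tcp src-address-list=Temp1+Temp2
add action=drop chain=input comment="END Port KnockingB" disabled=yes dst-port=22,23,8291 protocol=tcp src-address-list=!Temp1+Temp2+Cantito
# ICMP policy: rate-limited accept (limit=5,5) for echo reply (0:0), echo request
# (8:0), port unreachable (3:3), time exceeded (11:0) and fragmentation needed (3:4);
# every other ICMP type is dropped by the last rule of this group.
add chain=input comment="*************Permitir Protocolos ICMP" connection-limit=15,32 icmp-options=0:0 limit=5,5 protocol=icmp
add chain=input icmp-options=8:0 limit=5,5 protocol=icmp
add chain=input icmp-options=3:3 limit=5,5 protocol=icmp
add chain=input icmp-options=11:0 limit=5,5 protocol=icmp
add chain=input icmp-options=3:4 limit=5,5 protocol=icmp
add action=drop chain=input protocol=icmp
# DoS handling. The tarpit rule sits before the detection rule on purpose: once a
# source is on "Lista Negra" its new TCP connections are tarpitted on input, and its
# forwarded TCP traffic is dropped. A source is listed for 1d when it exceeds
# connection-limit=100,32. NOTE(review): the detection rule carries no protocol=
# matcher, unlike the two rules around it - confirm that is intended.
add action=tarpit chain=input comment="*************Impedir Atacante DOS genere nuevas conecxiones" protocol=tcp src-address-list="Lista Negra"
add action=add-src-to-address-list address-list="Lista Negra" address-list-timeout=1d chain=input comment="Deteccion de DOS" connection-limit=100,32
add action=drop chain=forward comment="Block Atakante DOS" protocol=tcp src-address-list="Lista Negra"
# Keep the web proxy (3128/tcp) and DNS (53/udp) services off the uplink. in-interface
# must name a real interface on the router; "WAN" is presumably the uplink - verify.
add action=drop chain=input comment="*************Block Intrusos WebProxy" dst-port=3128 in-interface=WAN protocol=tcp
add action=drop chain=input comment="Block Intrusos DNS" dst-port=53 in-interface=WAN protocol=udp
# Outbound SMTP abuse: hosts already on "spammer" are dropped; a host opening more than
# connection-limit=30,32 SMTP connections (rate-limited by limit=50,5) is listed for 1d.
add action=drop chain=forward comment="*************BLOCK SPAMMERS OR INFECTED USERS" dst-port=25 protocol=tcp src-address-list=spammer
add action=add-src-to-address-list address-list=spammer address-list-timeout=1d chain=forward comment="Detect and add-list SMTP virus or spammers" connection-limit=30,32 dst-port=25 limit=50,5 protocol=tcp
# NOTE(review): the "virus" chain is not defined anywhere in this script; a jump to a
# chain with no rules simply returns, so this rule does nothing until that chain exists.
add action=jump chain=forward comment="jump to the virus chain" jump-target=virus
# Management allow-list and final deny, both disabled=yes as shipped. The list
# "Permitir IPs for Access" is not populated by this script; populate it and enable the
# allow rule BEFORE enabling "Drop all INPUT", or the router becomes unreachable.
# While the final drop stays disabled, unsolicited input that no rule above matches is
# accepted by the default policy.
add chain=input comment="*************Permitir el Acceso al Router desde Redes Conocidas" disabled=yes src-address-list="Permitir IPs for Access"
add action=drop chain=input comment="*************Drop all INPUT" disabled=yes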

Fuente:
http://wiki.mikrotik.com/wiki/Manual:IP/Firewall
